struts-user mailing list archives

From Muralidhar Yaragalla <java.yaraga...@gmail.com>
Subject Re: common validator
Date Tue, 26 Mar 2013 22:26:03 GMT
Have you tried "PreparedStatement" and seen how it goes with SQL injection?
Long back I did some work on this, so I don't remember exactly, but I
think this can solve it.


On Wed, Mar 27, 2013 at 3:45 AM, J.V. <jvsrvcs@gmail.com> wrote:

> I have to add checking each and every form field in my application for SQL
> injection attacks (I need a method that will return a boolean false if any
> character that is typically used in SQL injection is found).
>
> Each of my form classes has a validator() method.  I was thinking of
> creating my own abstract form class
>
> public abstract class MyBaseForm extends DynaValidatorForm {
>
>     public boolean validateSQL(String[] fields) {
>         // do checks here and return true or false
>     }
> }
>
> ----
> and then modify all my form classes to extend MyBaseForm (which extends
> DynaValidatorForm) and in each of my existing Form classes call
> validateSQL() as the first call of each now existing validator() method.
>
> This will be a lot of work because there are over 100 forms and 500+
> fields, is there an easier way?  I thought that using the Apache commons
> validator plugin would be best but was told that the validator() method in
> each form class is preferred, but it is turning out to be more work than
> expected.
>
> Any/all other options would be helpful.
>
> thanks
>
>
> J.V.
>


-- 
Thanks And Regards,
Muralidhar Yaragalla.
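
Added example, not part of the original messages or of Struts: the character-blacklist check from the question next to the PreparedStatement binding suggested in the reply, run over the same constructed inputs. It assumes an in-memory H2 database with its JDBC driver on the classpath; the class, method, table and blacklist character set are hypothetical.

```java
import java.sql.*;
import java.util.regex.Pattern;

// Added example. Assumes the H2 driver is on the classpath; table and data are constructed.
public class BoundParameterDemo {
    // The character-blacklist check the question describes (hypothetical character set).
    static final Pattern SQL_META = Pattern.compile("['\";#]|--|/\\*");

    static boolean passesBlacklist(String field) {
        return !SQL_META.matcher(field).find();
    }

    // The value travels as a bound parameter and is never parsed as SQL text.
    static int countByLastName(Connection c, String lastName) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE last_name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, lastName);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement s = c.createStatement()) {
                s.execute("CREATE TABLE users(id INT PRIMARY KEY, last_name VARCHAR(64))");
                s.execute("INSERT INTO users VALUES (1, 'O''Brien'), (2, 'Smith')");
            }
            // Constructed form inputs: a plain name, a legitimate name containing
            // a quote, and a value shaped like a classic injection attempt.
            String[] inputs = { "Smith", "O'Brien", "x' OR '1'='1" };
            for (String in : inputs) {
                System.out.printf("%-14s blacklist=%-5b rows=%d%n",
                        in, passesBlacklist(in), countByLastName(c, in));
            }
        }
    }
}
```

The blacklist rejects the legitimate surname O'Brien, while the bound parameter matches it correctly and treats the quote-laden input as an ordinary string that matches no row.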
